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IN THE CLAIMS 

The current claims follow. For claims not marked as amended in this response, any 
difference in the claims below and the previous state of the claims is unintentional and in the nature 
of a typographical error. 

1 . (Previously Presented) For use in a wireless network comprising a plurality of base 
stations, each of said base stations capable of communicating with a plurality of mobile stations, a 
security device coupled by a wireline connection to said wireless network capable of preventing an 
unprovisioned one of said plurality of mobile stations from accessing an Internet protocol (IP) data 
network through said wireless network, said security device comprising: 

a first controller capable of receiving an EP data packet transmitted by said unprovisioned 
mobile station, said TP data packet comprising an IP packet header and an IP packet payload, 
determining from said IP data packet that said unprovisioned mobile station is unprovisioned and, in 
response to said determination, encrypting at least a portion of said IP packet payload to thereby 
generate an encrypted payload that may be decrypted only by a provisioning server of said wireless 
network. 

2. (Original) The security device set forth in Claim 1 wherein said first controller is 
disposed in at least one of said plurality of base stations. 
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3. (Original) The security device set forth in Claim 1 wherein said first controller is 
disposed in at least one of a mobile switching center and an interworking function of said wireless 
network. 

4. (Original) The security device set forth in Claim 1 further comprising a second 
controller capable of determining that said unprovisioned mobile station is unprovisioned. 

5. (Previously Presented) The security device set forth in Claim 4 wherein said second 
controller determines that said unprovisioned mobile station is unprovisioned if said unprovisioned 
mobile station is unable to authenticate to said wireless network. 

6. (Previously Presented) The security device set forth in Claim 4 wherein said second 
controller determines that said unprovisioned mobile station is unprovisioned according to a 
predetermined telephone number associated with a service provisioning process selected by said 
unprovisioned mobile station. 

7. (Previously Presented) The security device set forth in Claim 4 wherein said second 
controller determines that said unprovisioned mobile station is unprovisioned according to data 
retrieved from a home location register associated with said wireless network. 
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8. (Original) The security device set forth in Claim 1 wherein said first controller 
comprises a data processor capable of executing an encryption program stored in a memory 
associated with said data processor. 

9. (Previously Presented) A wireless network comprising: 

a plurality of base stations, each of said base stations capable of communicating with a 
plurality of mobile stations; and 

a security device coupled by a wireline connection to said wireless network capable of 
preventing an unprovisioned one of said plurality of mobile stations from accessing an Internet 
protocol (IP) data network through said wireless network, said security device comprising: 

a first controller capable of receiving an IP data packet transmitted by said 
unprovisioned mobile station, said IP data packet comprising an IP packet header and an IP 
packet payload, determining from said IP data packet that said unprovisioned mobile station 
is unprovisioned and, in response to said determination, encrypting at least a portion of said 
IP packet payload to thereby generate an encrypted payload that may be decrypted only by a 
provisioning server of said wireless network. 

10. (Original) The wireless network set forth in Claim 9 wherein said first controller is 
disposed in at least one of said plurality of base stations. 
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1 1 . (Original) The wireless network set forth in Claim 9 wherein said first controller is 
disposed in at least one of a mobile switching center and an interworking function of said wireless 
network. 

12. (Original) The wireless network set forth in Claim 9 further comprising a second 
controller capable of determining that said unprovisioned mobile station is unprovisioned. 

13. (Previously Presented) The wireless network set forth in Claim 12 wherein said 
second controller determines that said unprovisioned mobile station is unprovisioned if said 
unprovisioned mobile station is unable to authenticate to said wireless network. 

14. (Previously Presented) The wireless network set forth in Claim 12 wherein said 
second controller determines that said unprovisioned mobile station is unprovisioned according to a 
predetermined telephone number associated with a service provisioning process selected by said 
unprovisioned mobile station. 

15. (Previously Presented) The wireless network set forth in Claim 12 wherein said 
second controller determines that said unprovisioned mobile station is unprovisioned according to 
data retrieved from a home location register associated with said wireless network. 
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16. (Original) The wireless network set forth in Claim 9 wherein said first controller 
comprises a data processor capable of executing an encryption program stored in a memory 
associated with said data processor. 

17. (Previously Presented) For use in a wireless network comprising a plurality of base 
stations, each of the base stations capable of communicating with a plurality of mobile stations, a 
method of preventing an unpro visioned one of the plurality of mobile stations from accessing an 
Internet protocol (IP) data network through the wireless network, the method comprising the steps of: 

receiving an IP data packet transmitted by the unprovisioned mobile station in a security 
device coupled by a wireline connection to the wireless network, the IP data packet comprising an IP 
packet header and an IP packet payload; 

determining that the unprovisioned mobile station is unprovisioned; and 
encrypting at least a portion of the IP packet payload to thereby generate an encrypted 
payload that may be decrypted only by a provisioning server of said wireless network. 

18. (Original) The method set forth in Claim 17 wherein the step of determining 
comprises the step of determining that the unprovisioned mobile station is unable to authenticate to 
the wireless network. 
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19. (Original) The method set forth in Claim 17 wherein the step of determining 
comprises the step of determining that the unprovisioned mobile station selected a predetermined 
telephone number associated with a service provisioning process. 

20. (Original) The method set forth in Claim 1 7 wherein the step of determining that the 
unprovisioned mobile station is unprovisioned comprises the step of examining data retrieved from a 
home location register associated with the wireless network. 
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